References
International standards
Section titled “International standards”AI management
Section titled “AI management”- ISO/IEC 42001:2023. Information technology. Artificial intelligence. Management system. International Organization for Standardization.
- NIST AI Risk Management Framework 1.0 (January 2023). National Institute of Standards and Technology, U.S. Department of Commerce. https://www.nist.gov/itl/ai-risk-management-framework
- EU AI Act. Regulation (EU) 2024/1689 of the European Parliament and of the Council laying down harmonised rules on artificial intelligence. Official Journal of the European Union, 1 August 2024.
Security
Section titled “Security”- ISO/IEC 27001:2022. Information security, cybersecurity and privacy protection. Information security management systems.
- ISO/IEC 27018:2019. Protection of personally identifiable information (PII) in public clouds.
- ISO/IEC 27035-1:2023. Information security incident management.
- OWASP Top 10 for Large Language Model Applications (current edition). Open Worldwide Application Security Project. https://owasp.org/www-project-top-10-for-large-language-model-applications/
- NIST Cybersecurity Framework 2.0 (February 2024).
Other references
Section titled “Other references”- ISO/IEC 27005. Information security risk management.
- ISO/IEC 42005 (draft, expected publication 2026). Artificial intelligence. AI system impact assessment.
Vietnamese law
Section titled “Vietnamese law”- Luật An toàn thông tin mạng (Law on Cyberinformation Security, 2015), No. 86/2015/QH13.
- Luật An ninh mạng (Law on Cybersecurity, 2018), No. 24/2018/QH14.
- Luật Giao dịch điện tử (Law on E-Transactions, 2023), No. 20/2023/QH15.
- Luật Kế toán (Law on Accounting, 2015), No. 88/2015/QH13.
- Decree 13/2023/NĐ-CP (17 April 2023). Personal Data Protection.
- Decree 123/2020/NĐ-CP (19 October 2020). Invoices and accounting documents.
- Thông tư 78/2021/TT-BTC (17 September 2021). Guidance on the Law on Tax Administration and Decree 123/2020.
- Thông tư 09/2020/TT-NHNN (21 October 2020). Data classification and information-system security in banking.
International law
Section titled “International law”- Regulation (EU) 2016/679 (GDPR). General Data Protection Regulation.
- Regulation (EU) 2024/1689. EU AI Act.
Technical references
Section titled “Technical references”- Model Context Protocol (MCP). Open standard for safe LLM-to-tool integration. https://modelcontextprotocol.io/
- Agent-to-Agent Protocol (A2A). Open standard for structured inter-agent communication.
Reference frameworks consulted in BAGF design
Section titled “Reference frameworks consulted in BAGF design”- Databricks AI Governance Framework v1.0 (September 2025). Used as a structural template. BAGF expanded the substance with Bizzi-specific decisions.
Footnote conventions
Section titled “Footnote conventions”Throughout BAGF v1.0 the footnote convention is:
[^DAGF:p.N]. Databricks AI Governance Framework reference.[^smith2024]. External scholarly source.- Plain URL footnotes. Live web references.